Lookup for vulnerable packages by Package URL.

Purl pkg:npm/strapi@3.0.0-beta.20
Type npm
Namespace
Name strapi
Version 3.0.0-beta.20
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-4ncf-5535-w7hs
vulnerability_id VCID-4ncf-5535-w7hs
summary Command injection in strapi
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0764
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44513
published_at 2026-06-12T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.4436
published_at 2026-06-11T12:55:00Z
2
value 0.00217
scoring_system epss
scoring_elements 0.44519
published_at 2026-06-14T12:55:00Z
3
value 0.00217
scoring_system epss
scoring_elements 0.44532
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0764
1
reference_url https://github.com/strapi/strapi/blob/master/packages/generators/app/lib/utils/fetch-npm-template.js#L13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/blob/master/packages/generators/app/lib/utils/fetch-npm-template.js#L13
2
reference_url https://github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c
3
reference_url https://github.com/strapi/strapi/issues/12879
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/issues/12879
4
reference_url https://huntr.dev/bounties/001d1c29-805a-4035-93bb-71a0e81da3e5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/001d1c29-805a-4035-93bb-71a0e81da3e5
5
reference_url https://www.github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0764
reference_id CVE-2022-0764
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0764
7
reference_url https://github.com/advisories/GHSA-xrjf-phvv-r4vr
reference_id GHSA-xrjf-phvv-r4vr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xrjf-phvv-r4vr
fixed_packages
0
url pkg:npm/strapi@4.1.0
purl pkg:npm/strapi@4.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@4.1.0
aliases CVE-2022-0764, GHSA-xrjf-phvv-r4vr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ncf-5535-w7hs
1
url VCID-5tk4-kg1q-qbaz
vulnerability_id VCID-5tk4-kg1q-qbaz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13961
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70581
published_at 2026-06-11T12:55:00Z
1
value 0.00622
scoring_system epss
scoring_elements 0.70671
published_at 2026-06-12T12:55:00Z
2
value 0.00622
scoring_system epss
scoring_elements 0.70684
published_at 2026-06-13T12:55:00Z
3
value 0.00622
scoring_system epss
scoring_elements 0.7068
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13961
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/183045
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/183045
2
reference_url https://github.com/strapi/strapi/pull/6599
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/6599
3
reference_url https://github.com/strapi/strapi/releases/tag/v3.0.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.0.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13961
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13961
5
reference_url https://github.com/advisories/GHSA-65wv-528r-m892
reference_id GHSA-65wv-528r-m892
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65wv-528r-m892
fixed_packages
0
url pkg:npm/strapi@3.0.2
purl pkg:npm/strapi@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ncf-5535-w7hs
1
vulnerability VCID-758c-h86m-q7f5
2
vulnerability VCID-8s8s-y1ed-qkc5
3
vulnerability VCID-d1gk-3kgs-eqcu
4
vulnerability VCID-f2t1-5sv7-27gv
5
vulnerability VCID-gk75-qk8k-7fab
6
vulnerability VCID-kvea-g79j-kyge
7
vulnerability VCID-mduc-tnr7-gyh8
8
vulnerability VCID-pmxr-ytu7-jkf2
9
vulnerability VCID-rsvx-yxzd-1yb1
10
vulnerability VCID-t1hu-xbpy-jqgq
11
vulnerability VCID-t2p1-s5ed-qfdq
12
vulnerability VCID-uqjf-k4zz-kufb
13
vulnerability VCID-vgsa-h825-rbhh
14
vulnerability VCID-vqw2-gwjj-sfg6
15
vulnerability VCID-wrt9-us5a-1ff2
16
vulnerability VCID-zf19-qjyq-h3h6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.0.2
aliases CVE-2020-13961, GHSA-65wv-528r-m892
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5tk4-kg1q-qbaz
2
url VCID-758c-h86m-q7f5
vulnerability_id VCID-758c-h86m-q7f5
summary Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31367
reference_id
reference_type
scores
0
value 0.00665
scoring_system epss
scoring_elements 0.71773
published_at 2026-06-12T12:55:00Z
1
value 0.00665
scoring_system epss
scoring_elements 0.71784
published_at 2026-06-14T12:55:00Z
2
value 0.00665
scoring_system epss
scoring_elements 0.71786
published_at 2026-06-13T12:55:00Z
3
value 0.00665
scoring_system epss
scoring_elements 0.71687
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31367
1
reference_url https://github.com/strapi/strapi/pull/13185
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/13185
2
reference_url https://github.com/strapi/strapi/pull/13189
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/13189
3
reference_url https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367
reference_id CVE-2022-31367
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T13:50:00Z/
url https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31367
reference_id CVE-2022-31367
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31367
5
reference_url https://github.com/advisories/GHSA-4phg-hpqm-c3j4
reference_id GHSA-4phg-hpqm-c3j4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4phg-hpqm-c3j4
6
reference_url https://github.com/strapi/strapi/releases/tag/v3.6.10
reference_id v3.6.10
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T13:50:00Z/
url https://github.com/strapi/strapi/releases/tag/v3.6.10
7
reference_url https://github.com/strapi/strapi/releases/tag/v4.1.10
reference_id v4.1.10
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-22T13:50:00Z/
url https://github.com/strapi/strapi/releases/tag/v4.1.10
fixed_packages
0
url pkg:npm/strapi@3.6.10
purl pkg:npm/strapi@3.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8s8s-y1ed-qkc5
1
vulnerability VCID-d1gk-3kgs-eqcu
2
vulnerability VCID-gk75-qk8k-7fab
3
vulnerability VCID-j1sz-3wn5-kfcs
4
vulnerability VCID-kvea-g79j-kyge
5
vulnerability VCID-pmxr-ytu7-jkf2
6
vulnerability VCID-t1hu-xbpy-jqgq
7
vulnerability VCID-uqjf-k4zz-kufb
8
vulnerability VCID-vqw2-gwjj-sfg6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.6.10
aliases CVE-2022-31367, GHSA-4phg-hpqm-c3j4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-758c-h86m-q7f5
3
url VCID-8s8s-y1ed-qkc5
vulnerability_id VCID-8s8s-y1ed-qkc5
summary Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36472
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38358
published_at 2026-06-13T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.38347
published_at 2026-06-14T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.3816
published_at 2026-06-11T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38335
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36472
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36472
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36472
2
reference_url https://github.com/advisories/GHSA-v8gg-4mq2-88q4
reference_id GHSA-v8gg-4mq2-88q4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8gg-4mq2-88q4
3
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-v8gg-4mq2-88q4
reference_id GHSA-v8gg-4mq2-88q4
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:00:22Z/
url https://github.com/strapi/strapi/security/advisories/GHSA-v8gg-4mq2-88q4
4
reference_url https://github.com/strapi/strapi/releases/tag/v4.11.7
reference_id v4.11.7
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:00:22Z/
url https://github.com/strapi/strapi/releases/tag/v4.11.7
fixed_packages
aliases CVE-2023-36472, GHSA-v8gg-4mq2-88q4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8s8s-y1ed-qkc5
4
url VCID-d1gk-3kgs-eqcu
vulnerability_id VCID-d1gk-3kgs-eqcu
summary Cross-site Scripting in Strapi
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29894
reference_id
reference_type
scores
0
value 0.00476
scoring_system epss
scoring_elements 0.6545
published_at 2026-06-12T12:55:00Z
1
value 0.00476
scoring_system epss
scoring_elements 0.65349
published_at 2026-06-11T12:55:00Z
2
value 0.00476
scoring_system epss
scoring_elements 0.65459
published_at 2026-06-14T12:55:00Z
3
value 0.00476
scoring_system epss
scoring_elements 0.65461
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29894
1
reference_url https://jvn.jp/en/jp/JVN44550983/index.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN44550983/index.html
2
reference_url https://strapi.io
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://strapi.io
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29894
reference_id CVE-2022-29894
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29894
4
reference_url https://github.com/advisories/GHSA-mcqm-6ff4-53qx
reference_id GHSA-mcqm-6ff4-53qx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mcqm-6ff4-53qx
fixed_packages
aliases CVE-2022-29894, GHSA-mcqm-6ff4-53qx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1gk-3kgs-eqcu
5
url VCID-f2t1-5sv7-27gv
vulnerability_id VCID-f2t1-5sv7-27gv
summary Cross-site Scripting in Strapi
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27666
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51979
published_at 2026-06-12T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51849
published_at 2026-06-11T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51976
published_at 2026-06-14T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51992
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27666
1
reference_url https://github.com/strapi/strapi/pull/8440
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/8440
2
reference_url https://github.com/strapi/strapi/releases/tag/v3.2.5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.2.5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27666
reference_id CVE-2020-27666
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27666
4
reference_url https://github.com/advisories/GHSA-qvp5-mm7v-4f36
reference_id GHSA-qvp5-mm7v-4f36
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvp5-mm7v-4f36
fixed_packages
0
url pkg:npm/strapi@3.2.5
purl pkg:npm/strapi@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ncf-5535-w7hs
1
vulnerability VCID-758c-h86m-q7f5
2
vulnerability VCID-8s8s-y1ed-qkc5
3
vulnerability VCID-d1gk-3kgs-eqcu
4
vulnerability VCID-gk75-qk8k-7fab
5
vulnerability VCID-j1sz-3wn5-kfcs
6
vulnerability VCID-kvea-g79j-kyge
7
vulnerability VCID-mduc-tnr7-gyh8
8
vulnerability VCID-pmxr-ytu7-jkf2
9
vulnerability VCID-rsvx-yxzd-1yb1
10
vulnerability VCID-t1hu-xbpy-jqgq
11
vulnerability VCID-uqjf-k4zz-kufb
12
vulnerability VCID-vgsa-h825-rbhh
13
vulnerability VCID-vqw2-gwjj-sfg6
14
vulnerability VCID-zf19-qjyq-h3h6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.2.5
aliases CVE-2020-27666, GHSA-qvp5-mm7v-4f36
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2t1-5sv7-27gv
6
url VCID-kvea-g79j-kyge
vulnerability_id VCID-kvea-g79j-kyge
summary Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login through a brute-force login attack increases. Version 4.12.1 has a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38507
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.55539
published_at 2026-06-13T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.55526
published_at 2026-06-14T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.55404
published_at 2026-06-11T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.55524
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38507
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38507
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38507
2
reference_url https://github.com/advisories/GHSA-24q2-59hm-rh9r
reference_id GHSA-24q2-59hm-rh9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24q2-59hm-rh9r
3
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-24q2-59hm-rh9r
reference_id GHSA-24q2-59hm-rh9r
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:05:45Z/
url https://github.com/strapi/strapi/security/advisories/GHSA-24q2-59hm-rh9r
4
reference_url https://github.com/strapi/strapi/blob/32d68f1f5677ed9a9a505b718c182c0a3f885426/packages/core/admin/server/middlewares/rateLimit.js#L31
reference_id rateLimit.js#L31
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:05:45Z/
url https://github.com/strapi/strapi/blob/32d68f1f5677ed9a9a505b718c182c0a3f885426/packages/core/admin/server/middlewares/rateLimit.js#L31
5
reference_url https://github.com/strapi/strapi/releases/tag/v4.12.1
reference_id v4.12.1
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:05:45Z/
url https://github.com/strapi/strapi/releases/tag/v4.12.1
fixed_packages
aliases CVE-2023-38507, GHSA-24q2-59hm-rh9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvea-g79j-kyge
7
url VCID-pmxr-ytu7-jkf2
vulnerability_id VCID-pmxr-ytu7-jkf2
summary Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37263
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30091
published_at 2026-06-11T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30304
published_at 2026-06-13T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30287
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37263
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37263
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37263
2
reference_url https://github.com/advisories/GHSA-m284-85mf-cgrc
reference_id GHSA-m284-85mf-cgrc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m284-85mf-cgrc
3
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc
reference_id GHSA-m284-85mf-cgrc
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T14:58:02Z/
url https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc
4
reference_url https://github.com/strapi/strapi/releases/tag/v4.12.1
reference_id v4.12.1
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T14:58:02Z/
url https://github.com/strapi/strapi/releases/tag/v4.12.1
fixed_packages
aliases CVE-2023-37263, GHSA-m284-85mf-cgrc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmxr-ytu7-jkf2
8
url VCID-rsvx-yxzd-1yb1
vulnerability_id VCID-rsvx-yxzd-1yb1
summary Insecure password handling vulnerability in Strapi
references
0
reference_url http://packetstormsecurity.com/files/166915/Strapi-3.6.8-Password-Disclosure-Insecure-Handling.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/166915/Strapi-3.6.8-Password-Disclosure-Insecure-Handling.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46440
reference_id
reference_type
scores
0
value 0.03089
scoring_system epss
scoring_elements 0.87074
published_at 2026-06-11T12:55:00Z
1
value 0.03089
scoring_system epss
scoring_elements 0.87125
published_at 2026-06-14T12:55:00Z
2
value 0.03089
scoring_system epss
scoring_elements 0.87128
published_at 2026-06-13T12:55:00Z
3
value 0.03089
scoring_system epss
scoring_elements 0.87119
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46440
2
reference_url https://github.com/strapi/strapi/pull/12246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/12246
3
reference_url https://hub.docker.com/r/strapi/strapi
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hub.docker.com/r/strapi/strapi
4
reference_url https://strapi.io
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://strapi.io
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46440
reference_id CVE-2021-46440
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46440
6
reference_url https://github.com/advisories/GHSA-85vg-grr5-pw42
reference_id GHSA-85vg-grr5-pw42
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-85vg-grr5-pw42
fixed_packages
0
url pkg:npm/strapi@3.6.9
purl pkg:npm/strapi@3.6.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ncf-5535-w7hs
1
vulnerability VCID-758c-h86m-q7f5
2
vulnerability VCID-8s8s-y1ed-qkc5
3
vulnerability VCID-d1gk-3kgs-eqcu
4
vulnerability VCID-gk75-qk8k-7fab
5
vulnerability VCID-j1sz-3wn5-kfcs
6
vulnerability VCID-kvea-g79j-kyge
7
vulnerability VCID-mduc-tnr7-gyh8
8
vulnerability VCID-pmxr-ytu7-jkf2
9
vulnerability VCID-t1hu-xbpy-jqgq
10
vulnerability VCID-uqjf-k4zz-kufb
11
vulnerability VCID-vqw2-gwjj-sfg6
12
vulnerability VCID-zf19-qjyq-h3h6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.6.9
1
url pkg:npm/strapi@4.1.5
purl pkg:npm/strapi@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-u7ks-773w-3khh
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@4.1.5
aliases CVE-2021-46440, GHSA-85vg-grr5-pw42
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rsvx-yxzd-1yb1
9
url VCID-t2p1-s5ed-qfdq
vulnerability_id VCID-t2p1-s5ed-qfdq
summary Improper Authorization in Strapi
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27665
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.53098
published_at 2026-06-12T12:55:00Z
1
value 0.00292
scoring_system epss
scoring_elements 0.5297
published_at 2026-06-11T12:55:00Z
2
value 0.00292
scoring_system epss
scoring_elements 0.53097
published_at 2026-06-14T12:55:00Z
3
value 0.00292
scoring_system epss
scoring_elements 0.53114
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27665
1
reference_url https://github.com/strapi/strapi/commit/3cdd73987950d5c7976701047b38203e902007bb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/commit/3cdd73987950d5c7976701047b38203e902007bb
2
reference_url https://github.com/strapi/strapi/pull/8439
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/8439
3
reference_url https://github.com/strapi/strapi/releases/tag/v3.2.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.2.5
4
reference_url https://snyk.io/vuln/SNYK-JS-STRAPIPLUGINCONTENTTYPEBUILDER-1021616
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-STRAPIPLUGINCONTENTTYPEBUILDER-1021616
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27665
reference_id CVE-2020-27665
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27665
6
reference_url https://github.com/advisories/GHSA-4p55-xj37-fx7g
reference_id GHSA-4p55-xj37-fx7g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p55-xj37-fx7g
fixed_packages
0
url pkg:npm/strapi@3.2.5
purl pkg:npm/strapi@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ncf-5535-w7hs
1
vulnerability VCID-758c-h86m-q7f5
2
vulnerability VCID-8s8s-y1ed-qkc5
3
vulnerability VCID-d1gk-3kgs-eqcu
4
vulnerability VCID-gk75-qk8k-7fab
5
vulnerability VCID-j1sz-3wn5-kfcs
6
vulnerability VCID-kvea-g79j-kyge
7
vulnerability VCID-mduc-tnr7-gyh8
8
vulnerability VCID-pmxr-ytu7-jkf2
9
vulnerability VCID-rsvx-yxzd-1yb1
10
vulnerability VCID-t1hu-xbpy-jqgq
11
vulnerability VCID-uqjf-k4zz-kufb
12
vulnerability VCID-vgsa-h825-rbhh
13
vulnerability VCID-vqw2-gwjj-sfg6
14
vulnerability VCID-zf19-qjyq-h3h6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.2.5
aliases CVE-2020-27665, GHSA-4p55-xj37-fx7g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2p1-s5ed-qfdq
10
url VCID-uqjf-k4zz-kufb
vulnerability_id VCID-uqjf-k4zz-kufb
summary Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker (having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34093
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27427
published_at 2026-06-11T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27638
published_at 2026-06-14T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.27629
published_at 2026-06-12T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.27653
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34093
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34093
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34093
2
reference_url https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de
reference_id 2fa8f30371bfd1db44c15e5747860ee5789096de
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/
url https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de
3
reference_url https://github.com/advisories/GHSA-chmr-rg2f-9jmf
reference_id GHSA-chmr-rg2f-9jmf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chmr-rg2f-9jmf
4
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf
reference_id GHSA-chmr-rg2f-9jmf
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/
url https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf
5
reference_url https://github.com/strapi/strapi/releases/tag/v4.10.8
reference_id v4.10.8
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/
url https://github.com/strapi/strapi/releases/tag/v4.10.8
fixed_packages
aliases CVE-2023-34093, GHSA-chmr-rg2f-9jmf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqjf-k4zz-kufb
11
url VCID-vgsa-h825-rbhh
vulnerability_id VCID-vgsa-h825-rbhh
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28128
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49589
published_at 2026-06-11T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49725
published_at 2026-06-12T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.49745
published_at 2026-06-13T12:55:00Z
3
value 0.00259
scoring_system epss
scoring_elements 0.49732
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28128
1
reference_url https://github.com/strapi/strapi/issues/9657
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/issues/9657
2
reference_url https://github.com/strapi/strapi/releases/tag/v3.6.0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.6.0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28128
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28128
4
reference_url https://strapi.io/changelog
reference_id
reference_type
scores
url https://strapi.io/changelog
5
reference_url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-008.txt
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-008.txt
6
reference_url https://github.com/advisories/GHSA-37hx-4mcq-wc3h
reference_id GHSA-37hx-4mcq-wc3h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-37hx-4mcq-wc3h
fixed_packages
0
url pkg:npm/strapi@3.6.1
purl pkg:npm/strapi@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ncf-5535-w7hs
1
vulnerability VCID-758c-h86m-q7f5
2
vulnerability VCID-8s8s-y1ed-qkc5
3
vulnerability VCID-d1gk-3kgs-eqcu
4
vulnerability VCID-gk75-qk8k-7fab
5
vulnerability VCID-j1sz-3wn5-kfcs
6
vulnerability VCID-kvea-g79j-kyge
7
vulnerability VCID-mduc-tnr7-gyh8
8
vulnerability VCID-pmxr-ytu7-jkf2
9
vulnerability VCID-rsvx-yxzd-1yb1
10
vulnerability VCID-t1hu-xbpy-jqgq
11
vulnerability VCID-uqjf-k4zz-kufb
12
vulnerability VCID-vqw2-gwjj-sfg6
13
vulnerability VCID-zf19-qjyq-h3h6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.6.1
aliases CVE-2021-28128, GHSA-37hx-4mcq-wc3h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgsa-h825-rbhh
12
url VCID-vqw2-gwjj-sfg6
vulnerability_id VCID-vqw2-gwjj-sfg6
summary Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex queries allow users to change the default prefix. For example, if someone changes the prefix to be the same as it was before or to another table they want to query, the query changes from `password` to `t1.password`. `password` is covered by the filtering protections, but `t1.password` is not. This again makes filtering attacks possible on everything related to the object, including admin passwords and reset tokens. Version 4.10.8 fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34235
reference_id
reference_type
scores
0
value 0.03179
scoring_system epss
scoring_elements 0.87296
published_at 2026-06-13T12:55:00Z
1
value 0.03179
scoring_system epss
scoring_elements 0.87293
published_at 2026-06-14T12:55:00Z
2
value 0.03179
scoring_system epss
scoring_elements 0.87289
published_at 2026-06-12T12:55:00Z
3
value 0.03179
scoring_system epss
scoring_elements 0.87244
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34235
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34235
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34235
2
reference_url https://github.com/advisories/GHSA-9xg4-3qfm-9w8f
reference_id GHSA-9xg4-3qfm-9w8f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9xg4-3qfm-9w8f
3
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-9xg4-3qfm-9w8f
reference_id GHSA-9xg4-3qfm-9w8f
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:02:03Z/
url https://github.com/strapi/strapi/security/advisories/GHSA-9xg4-3qfm-9w8f
4
reference_url https://github.com/strapi/strapi/releases/tag/v4.10.8
reference_id v4.10.8
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:02:03Z/
url https://github.com/strapi/strapi/releases/tag/v4.10.8
fixed_packages
0
url pkg:npm/strapi@4.10.8
purl pkg:npm/strapi@4.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@4.10.8
aliases CVE-2023-34235, GHSA-9xg4-3qfm-9w8f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqw2-gwjj-sfg6
13
url VCID-wrt9-us5a-1ff2
vulnerability_id VCID-wrt9-us5a-1ff2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27664
reference_id
reference_type
scores
0
value 0.01344
scoring_system epss
scoring_elements 0.80454
published_at 2026-06-11T12:55:00Z
1
value 0.01344
scoring_system epss
scoring_elements 0.80516
published_at 2026-06-12T12:55:00Z
2
value 0.01344
scoring_system epss
scoring_elements 0.80527
published_at 2026-06-13T12:55:00Z
3
value 0.01344
scoring_system epss
scoring_elements 0.80518
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27664
1
reference_url https://github.com/strapi/strapi/pull/8442
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/8442
2
reference_url https://github.com/strapi/strapi/releases/tag/v3.2.5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.2.5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27664
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27664
4
reference_url https://github.com/advisories/GHSA-7frv-9phw-vrvr
reference_id GHSA-7frv-9phw-vrvr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7frv-9phw-vrvr
fixed_packages
0
url pkg:npm/strapi@3.2.5
purl pkg:npm/strapi@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ncf-5535-w7hs
1
vulnerability VCID-758c-h86m-q7f5
2
vulnerability VCID-8s8s-y1ed-qkc5
3
vulnerability VCID-d1gk-3kgs-eqcu
4
vulnerability VCID-gk75-qk8k-7fab
5
vulnerability VCID-j1sz-3wn5-kfcs
6
vulnerability VCID-kvea-g79j-kyge
7
vulnerability VCID-mduc-tnr7-gyh8
8
vulnerability VCID-pmxr-ytu7-jkf2
9
vulnerability VCID-rsvx-yxzd-1yb1
10
vulnerability VCID-t1hu-xbpy-jqgq
11
vulnerability VCID-uqjf-k4zz-kufb
12
vulnerability VCID-vgsa-h825-rbhh
13
vulnerability VCID-vqw2-gwjj-sfg6
14
vulnerability VCID-zf19-qjyq-h3h6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.2.5
aliases CVE-2020-27664, GHSA-7frv-9phw-vrvr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrt9-us5a-1ff2
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.0.0-beta.20